Ryan Naraine

GMail Goes “https-only” By Default

A day after confirming a major security breach by Chinese hackers looking for GMail account information, Google has turned on default “https:” access for its popular Web mail service.

Adobe PDF Reader Gets Another Security Makeover

Adobe has released a mega-update for its Reader and Acrobat software products to fix a total of eight documented security vulnerabilities. The update comes with significant security improvements, including the on-by-default addition of “Enhanced Security,” a feature that provides a set of default restrictions and a method to define trusted locations that should not be subject to those restrictions.

Adobe Confirms ‘Coordinated, Sophisticated’ Cyber Attack

In an attack described as “sophisticated” and “coordinated,” Adobe said its corporate network systems were breached by hackers. The company said the attack also affected other unnamed companies. Adobe did not provide any other details except to say it was aware of the breach on January 2, 2010.


Google said in a blog post today that it will consider shutting down its site in China and closing its offices, following a large-scale attack on its corporate infrastructure originating from China that resulted in the theft of Google’s intellectual property. Read the full story [ZDNet]

Microsoft has shipped a security advisory with an urgent message for Windows XP users: Update your Flash Player immediately. The Adobe Flash Player 6 that ships by default in Windows XP is vulnerable to multiple code execution vulnerabilities that could lead to PC takeover attacks, according to the advisory.

The first Microsoft patch for 2010 is out, providing cover for a solitary vulnerability in the way Windows handles EOT (Embedded OpenType) fonts.  The update is rated “critical” but Microsoft says there is a low likelihood of exploitation on its newer operating systems.

Database server giant Oracle is joining Microsoft and Adobe this Patch Tuesday. As part of its Critical Patch Update schedule, Oracle plans to ship 24 security patches on January 12 to cover a wide range of serious vulnerabilities in its database and application server products.

A financial services industry group is planning to simulate a series of cyber attacks to test how well banks, payment processors and retailers deal with online threats. Participants will be expected to activate their incident response procedures in accordance with the scenario presented and to complete an anonymous survey to evaluate their organization’s response. Read the full story [Dark Reading]

Microsoft’s first Patch Tuesday for 2010 will be very light: A solitary bulletin addressing a vulnerability that is rated critical only for Windows 2000 users. According to Redmond’s advance notice for the next batch of patches due on January 12, the bulletin is rated “low” for every other affected version of Windows, meaning it is “extremely difficult” to exploit or has minimal impact.